configs/hu-berlin.nix

{ config, pkgs, lib, ... }:
let
  inherit (lib.strings) fileContents;
  inherit (import <niveum/lib>) sshPort;
  eduroam = {
    identity = fileContents <secrets/eduroam/identity>;
    password = fileContents <secrets/eduroam/password>;
  };
  eduroamAuth = ''
    key_mgmt=WPA-EAP
    eap=TTLS
    proto=RSN
    identity="${eduroam.identity}"
    anonymous_identity="anonymous@wlan.hu-berlin.de"
    altsubject_match="DNS:srv1-radius.cms.hu-berlin.de;DNS:srv2-radius.cms.hu-berlin.de"
    password="${eduroam.password}"
    ca_cert="${
      pkgs.fetchurl {
        url =
          "https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/t-telesec_globalroot_class_2.pem";
        sha256 = "0if8aqd06sid7a0vw009zpa087wxcgdd2x6z2zs4pis5kvyqj2dk";
      }
    }"
    phase2="auth=PAP"
  '';
in {
  networking.wireless.networks = {
    eduroam_5GHz.auth = eduroamAuth;
    eduroam.auth = eduroamAuth;
  };

  fileSystems."/mnt/moodle" = {
    device = "moodle@toum.r:/var/lib/moodle";
    fsType = "fuse.sshfs";
    options = [
      "IdentityFile=/root/.ssh/id_rsa"
      "Port=${toString sshPort}"
      "_netdev"
      "allow_other"
      "default_permissions"
      "gid=100"
      "idmap=user"
      # "noatime"
      "noauto"
      # "nodiratime"
      "x-systemd.nofail"
      "reconnect"
      "ro"
      "uid=1000"
      "x-systemd.automount"
      "x-systemd.device-timeout=1s"
      "x-systemd.idle-timeout=1min"
      "x-systemd.mount-timeout=1s"
      "x-systemd.requires=tinc.retiolum.service"
      "x-systemd.requires=wpa_supplicant.service"
    ];
  };


  environment.systemPackages = [
    pkgs.sshfsFuse

    (pkgs.writers.writeDashBin "hu-vpn" ''
      ${pkgs.openfortivpn}/bin/openfortivpn -p "${eduroam.password}" -c ${pkgs.writeText "hu-berlin.config" ''
        host = forti-ssl.vpn.hu-berlin.de
        port = 443
        trusted-cert = e5a7d56543002ffe1e8962caa5fd6d94053aa702381458247b670877a66f3c6f
        username = ${eduroam.identity}
      ''}
    '')
  ];

  services.openvpn.servers.hu-berlin = {
    autoStart = false;
    authUserPass = {
      username = eduroam.identity;
      password = eduroam.password;
    };
    config = fileContents (pkgs.fetchurl {
      url =
        "https://www.cms.hu-berlin.de/de/dl/netze/vpn/openvpn/hu-berlin.ovpn";
      sha256 = "15b55aibik5460svjq2gwxrcyh6ay4k8savd6cd5lncgndmd8p8h";
    });
  };
}
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`{ config, pkgs, lib, ... }:`
Factor out HU 2019-01-08 18:22:54 +01:00			`let`
fix: openvpn 2020-01-18 08:02:02 +01:00			`inherit (lib.strings) fileContents;`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`inherit (import <niveum/lib>) sshPort;`
eduroam, traadfri: use shared secrets 2019-06-18 09:23:20 +02:00			`eduroam = {`
chore: reorganize secrets 2020-09-24 19:25:47 +02:00			`identity = fileContents <secrets/eduroam/identity>;`
			`password = fileContents <secrets/eduroam/password>;`
eduroam, traadfri: use shared secrets 2019-06-18 09:23:20 +02:00			`};`
wifis 2019-05-14 07:18:04 +02:00			`eduroamAuth = ''`
			`key_mgmt=WPA-EAP`
			`eap=TTLS`
			`proto=RSN`
			`identity="${eduroam.identity}"`
			`anonymous_identity="anonymous@wlan.hu-berlin.de"`
			`altsubject_match="DNS:srv1-radius.cms.hu-berlin.de;DNS:srv2-radius.cms.hu-berlin.de"`
			`password="${eduroam.password}"`
chore: nixfmt 2020-06-10 17:37:25 +02:00			`ca_cert="${`
			`pkgs.fetchurl {`
			`url =`
			`"https://www.cms.hu-berlin.de/de/dl/netze/wlan/config/eduroam/t-telesec_globalroot_class_2.pem";`
			`sha256 = "0if8aqd06sid7a0vw009zpa087wxcgdd2x6z2zs4pis5kvyqj2dk";`
			`}`
			`}"`
wifis 2019-05-14 07:18:04 +02:00			`phase2="auth=PAP"`
			`'';`
Factor out HU 2019-01-08 18:22:54 +01:00			`in {`
			`networking.wireless.networks = {`
wifis 2019-05-14 07:18:04 +02:00			`eduroam_5GHz.auth = eduroamAuth;`
			`eduroam.auth = eduroamAuth;`
Factor out HU 2019-01-08 18:22:54 +01:00			`};`

feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`fileSystems."/mnt/moodle" = {`
			`device = "moodle@toum.r:/var/lib/moodle";`
			`fsType = "fuse.sshfs";`
			`options = [`
fix(sshfs): depend on tinc and wpa_supplicant 2020-11-01 08:25:11 +01:00			`"IdentityFile=/root/.ssh/id_rsa"`
			`"Port=${toString sshPort}"`
			`"_netdev"`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`"allow_other"`
			`"default_permissions"`
			`"gid=100"`
			`"idmap=user"`
fix(hu-berlin): fix sshfs mount on homeros 2020-11-01 22:05:59 +01:00			`# "noatime"`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`"noauto"`
fix(hu-berlin): fix sshfs mount on homeros 2020-11-01 22:05:59 +01:00			`# "nodiratime"`
			`"x-systemd.nofail"`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`"reconnect"`
			`"ro"`
fix(sshfs): depend on tinc and wpa_supplicant 2020-11-01 08:25:11 +01:00			`"uid=1000"`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`"x-systemd.automount"`
			`"x-systemd.device-timeout=1s"`
fix(sshfs): depend on tinc and wpa_supplicant 2020-11-01 08:25:11 +01:00			`"x-systemd.idle-timeout=1min"`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`"x-systemd.mount-timeout=1s"`
fix(sshfs): depend on tinc and wpa_supplicant 2020-11-01 08:25:11 +01:00			`"x-systemd.requires=tinc.retiolum.service"`
			`"x-systemd.requires=wpa_supplicant.service"`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`];`
			`};`


feat(hu-berlin): add alternate vpn 2020-09-03 19:16:27 +02:00			`environment.systemPackages = [`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`pkgs.sshfsFuse`

feat(hu-berlin): add alternate vpn 2020-09-03 19:16:27 +02:00			`(pkgs.writers.writeDashBin "hu-vpn" ''`
			`${pkgs.openfortivpn}/bin/openfortivpn -p "${eduroam.password}" -c ${pkgs.writeText "hu-berlin.config" ''`
			`host = forti-ssl.vpn.hu-berlin.de`
			`port = 443`
			`trusted-cert = e5a7d56543002ffe1e8962caa5fd6d94053aa702381458247b670877a66f3c6f`
			`username = ${eduroam.identity}`
			`''}`
			`'')`
			`];`

fix: openvpn 2020-01-18 08:02:02 +01:00			`services.openvpn.servers.hu-berlin = {`
			`autoStart = false;`
			`authUserPass = {`
			`username = eduroam.identity;`
			`password = eduroam.password;`
Factor out HU 2019-01-08 18:22:54 +01:00			`};`
fix: openvpn 2020-01-18 08:02:02 +01:00			`config = fileContents (pkgs.fetchurl {`
chore: nixfmt 2020-06-10 17:37:25 +02:00			`url =`
			`"https://www.cms.hu-berlin.de/de/dl/netze/vpn/openvpn/hu-berlin.ovpn";`
fix: openvpn 2020-01-18 08:02:02 +01:00			`sha256 = "15b55aibik5460svjq2gwxrcyh6ay4k8savd6cd5lncgndmd8p8h";`
			`});`
Factor out HU 2019-01-08 18:22:54 +01:00			`};`
			`}`